Overview

overview

8

Static

static

6

374f465d67...18.apk

android-9-x86

8

374f465d67...18.apk

android-11-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    12-05-2024 00:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    374f465d676044a2b67d5959727bf8fd_JaffaCakes118.apk

  • Size

    16.3MB

  • MD5

    374f465d676044a2b67d5959727bf8fd

  • SHA1

    88271fa0e16dfbbd0b7a9e02254a5caf86e598fa

  • SHA256

    d707551b54a38aa5a3643f2f5f227748b460e0dada2e6489c59742af7d035481

  • SHA512

    d661ea1a59f3d708a78eac4057decc4e6218c491f418b5fe3b5c4d48bb6753f6cf33e61c1426b02f3ed66e9e374b27eae4e2702cf0d553149b6ced2c9ec4de34

  • SSDEEP

    393216:ViJueap6H9EahLaXGgQ8kOnrz1ppuXeUXabw0RIsIR:4JYIHOalwG/8lrzDpuXedRIsw

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.yxxinglin.xzid480
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4289
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4444
    • com.yxxinglin.xzid480:pushcore
      1⤵
      • Queries information about running processes on the device
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Checks if the internet connection is available
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4318

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.yxxinglin.xzid480/cache/image_manager_disk_cache/journal.tmp
      Filesize

      31B

      MD5

      8c92de9ce46d41a22f3b20f77404cc1d

      SHA1

      8671a6dca00edb72be47363a7071be65cf270373

      SHA256

      68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

      SHA512

      30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

      Download Submit

    • /data/data/com.yxxinglin.xzid480/databases/RKStorage
      Filesize

      80KB

      MD5

      7fc86ec63b0b2c43fb5314ee7024d0c9

      SHA1

      2be5452539da18b58aabe0f5e9bd36cffa531469

      SHA256

      ce361e843b7bde08a1dcc40b533b1cda57e211471516200de7185c6064384a68

      SHA512

      8fd20bcbbc6ef5a61f4441a7c59a2a4afa6f8a21350f097e26df81ae0a871a7245e039d526431f909cc268d02d1c0d526083606bd5a36f29fad73713c05b3829

      Download Submit

    • /data/data/com.yxxinglin.xzid480/databases/RKStorage-journal
      Filesize

      512B

      MD5

      a1f2634a60035257e0acc432d8870a31

      SHA1

      ac6de79704babe8f0f0a4ef0df01674e43a19310

      SHA256

      eb9ade489999c1e6c78b8dfcbf9f5e2320802bea0adcb5469a8fbb82ac48979e

      SHA512

      051343efd2b1c377665fae473866d8ed81a2c426d692ad272b32190bbff40927572841f4a5922ed4c0d5277a3be53171234548cc0f814ed2b4e94252a9e9584b

      Download Submit

    • /data/data/com.yxxinglin.xzid480/databases/RKStorage-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.yxxinglin.xzid480/databases/RKStorage-wal
      Filesize

      474KB

      MD5

      7203a3a34e718c1d7f484cc4cd3c1972

      SHA1

      95559d634f9a072e95d96cf77ed362bc352104b6

      SHA256

      93ec726f081744242d2db7fdbae62e9ac0cd3b35bfb64fd86cc412dd6b11fd27

      SHA512

      a44ea1b955b5d18a6a1bb2c84e29b29cbb5021881355cd208f523e235f2419f4b0384604af2bfdbab616ca525cfbc0f6b18079d303d9f3b8b7d72d2d735c40cd

      Download Submit

    • /data/data/com.yxxinglin.xzid480/files/jpush_stat_history/active_user/nowrap/88f85b95-b0b8-46a1-ac5f-2d48698054ff
      Filesize

      159B

      MD5

      e727b2eb9c8a4fc5b8bfd19f41349fce

      SHA1

      30f350721812d09c0e79ea0f7bb5e96caaa70dc4

      SHA256

      3ccc9ed1166f576ccb029ef15c56a2a6f412aa40f2bede2e88ef5c439143cb7d

      SHA512

      2b19892813baec524bc4338d1816a11c64c43a2548cf1e41be7a50ad58163bc3e5ce40c20684e35706563804fdd2e110cc61fc203374964bc2bd97f8a29dfb31

      Download Submit

    • /data/data/com.yxxinglin.xzid480/files/jpush_stat_history_pushcore/normal/nowrap/da8f911d-11ec-4e13-9021-e9264dd28c05
      Filesize

      202B

      MD5

      ff6e7ab9541d4928e7475437bf9db480

      SHA1

      12ebac274f76c5a2e5378b7bcc96e3456329cc2c

      SHA256

      1d66ff072f0fa905088d838af627ef13e3470b49cf2dee23773533fd2590ed7c

      SHA512

      4b8f95da54ac214191cf93bfc3a69a2f1b28dee84282e04497410b6a073f2985c04c124747f510bda1e6c8b19d696c189827b64e1761a85637798da8e025262a

      Download Submit

    • /data/data/com.yxxinglin.xzid480/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NDczNzM5Nzcy

      Filesize

      1KB

      MD5

      31706de6422b435b24f52e04c943e751

      SHA1

      f3a5439689cdde6b007df9eb6f359e25768cc28d

      SHA256

      79b78c3da4a1635ffa624fdb3e771f039ddac14b5fc8041a6e8df5f4cd969d88

      SHA512

      4896dd8ee31e29770e222054ef8bc6a3c6cbfc06b8b541ddbef23da174f243f32296fa9dbdc25a799b0d88cd3ccd60937a841eb17e6351e59145e214f9f97813

      Download Submit

    • /data/data/com.yxxinglin.xzid480/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE1NDczNzcwODE3

      Filesize

      1KB

      MD5

      4968a32eab6cf09087f811733614fc72

      SHA1

      b4abb58e489ac20f0a069b53fa40a310324c843a

      SHA256

      1c9a9573783fe9d478943a28afe397da9f634a481d6af304d24474f61b290059

      SHA512

      79d038a319224ebb4ea258738947e25478121d8ba92f18c91c86d3f19d06ee56eedda7b9ac4377bf979afc4d59740ed9a05f2f84a2774f3a51e99c594c2cd621

      Download Submit

    • /data/data/com.yxxinglin.xzid480/files/umeng_it.cache
      Filesize

      415B

      MD5

      c1cb5ac37365c54a685cb0d78df86062

      SHA1

      4b8f5f2ee21102f5501f02a0a703c91734b97bf6

      SHA256

      62f54084d0d8da2209e05c63cc9f4932280b54c64aabc4803a976687eebebf7e

      SHA512

      10d92bd8ca1f5faec70ca58afd120598b143162f03d0a42b7d92a048fb0c7aa93ba978d1b678177a8c617f18973edb97d235a4de564f40ca538b866cda1e3568

      Download Submit

    • /data/data/com.yxxinglin.xzid480/lib-main/dso_deps
      Filesize

      148B

      MD5

      5a0fc01d2bdf6e43a462d3f6de159a8f

      SHA1

      418c6ebe7ac2508efe5cd6d19f884f33c7a012bc

      SHA256

      6f3d140a9daa10614b36b7d31a78355fac4cceec272e0c2cc2da461ea35faf80

      SHA512

      2921ba406e415018aeb81d7948bd61c5f9a173122b76b078a63b023e3995e6364e6d280dd3621972fc438958638d4e3b8c70652f82be60f84c1618b863a1d83b

      Download Submit

    • /data/data/com.yxxinglin.xzid480/lib-main/dso_manifest
      Filesize

      5B

      MD5

      c06857e9ea338f3f3a24bb78f8fbdf6f

      SHA1

      c5a0a2529d2deb60fec041b4fbd722a2ebe31702

      SHA256

      957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

      SHA512

      29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

      Download Submit

    • /data/data/com.yxxinglin.xzid480/lib-main/dso_state
      Filesize

      9B

      MD5

      bf8feae6664953b133f31827c4d76db7

      SHA1

      7e05dd62edd704ef6214ec2fbab0fbb32d969193

      SHA256

      84ba4bc68af8f591dbd78998df67a92a8e11e8923d925992ea8fee9abc6cd615

      SHA512

      daaea951178d37e447b3737de33ea4e5985823308dd8006db76836957e5fe4757f6fc15499e3cbdc9d113a907cffa0bb0fcf34e85212b335d648233a66a49860

      Download Submit

    • /data/data/com.yxxinglin.xzid480/lib-main/dso_state
      Filesize

      32B

      MD5

      8ec8a9dd236ec0aa53c4310f73e07af5

      SHA1

      b4f122fe5a6c96a548fc74224b66789a715afef5

      SHA256

      408035c4d12b585f52d47e3d383154ac882a222f02fbefe4f5546819b49f790e

      SHA512

      e2bfe7786eb46b46a31d969c5c321a9b56eb21bef45fa494ecad6754b6a667e1576f71a0bcf598c3486907f15290aeaf5fecaeee273f0363d1c9eff715394128

      Download Submit